Hi Folks,

I'm back again.

I have two AS1200 (AlphaServers) to donate. They're nice machines, but I
don't use them. One has two 400MHz CPUs (B3007-AA) and 512MB RAM, the other
has one 533MHz CPU (B3007-CA) and 256MB RAM.

They have lots of disks internally (2 and 4GB drives). They have several
SCSI controllers installed and are in fact set up to operate as a TruCluster
with shared storage, which is housed on two BA356 StorageWorks shelves
stuffed with 2 and 4GB drives. If someone were interes...

Does anyone have recommendations on server hardware for setting up a
redundant OpenBSD firewall? Right now our network handles several
million HTTP requests per day, and we expect that to continue growing.
I expect a simple pair of Dell rackmounted servers should handle this
easily, but I thought I'd solicit feedback from the firewall experts
on misc@ first. :-)

Thanks!

http://kerneltrap.org/mailarchive/openbsd-misc/2007/10/21/349821
http://cvs.openbsd.org/cgi-bin/query-pr-wrapper?full=yes&numbers=5504

No patch yet. As these boxes are pretty popular, if someone writes
one, they'll be a hero. :)

C.

Why not start selling public key lists from the order site, then
those who care can order one (or more) CD(s) and a separately
delivered (set of) public key lists (in sealed envelopes). Otherwise
ordering CDs will suffice.

When a key is revoked (announced somewhere) or incompatibilities
occur order a new (set of) list(s).

Then there is the problem of the lists being replaced by some new
list by the postman, thus ordering a set of lists instead of only one.
Have them delivered by different cour...

You make it sound like OpenBSD is a vendor that is actively marketing to these
companies and that cannot make a sale because it is not meeting a specific set
of criteria in your requirements docs.

Tell you what. I am sure there are a number of individuals on the list who
own or work at companies that would be more than happy to provide your
employer with a custom-built set of installation binaries and packages, signed
for your digital pleasure. I expect bi-annual costs, including overhead l...

I'm not very knowledgeable, but have been looking at the documenation
lately:

So, intentional (corporate or government agreement with ISP) or
unintentional (use of M$ on ISP DNS server), could allow the initial
installation to become compromised, perhaps in a hard-to-detect way.

None of this seems to be solved in the installation guide:
http://openbsd.org/faq/faq4.html

Again, it looks like it might come down to keys or fingerprints and that
the network install might be depreciated. Rather,...

Yeah. It recently disappeared from the ACM's web site after 11+ years
of availability:
http://www.acm.org/classics/oct95/
There is, fortunately, the author's copy:
http://cm.bell-labs.com/who/ken/trust.html

There is an interesting follow up:
http://www.dwheeler.com/trusting-trust/
summary of the followup:
http://www.schneier.com/blog/archives/2006/01/countering_trus.html

The bottom line, however, is that having and using the source is not
optional.

Thus, patches are provided in OpenB...

hey,

I have a question on how to best limit traffic with pf. The main
goal is not so much to limit bandwidth to a lower point all the
time but more to prevent a runaway process (or user) from
drowning the rest.

Since i do not have the means for extensive testing i hope to
get some pointers before going down a path that would only waste
time and resources. I have the following situation (simplified):

/-vlan1 <==1Gb==> desktops
internet <==512Kb==>bge0 ...

Disklabel information, which includes the physical drive (partition c) can be
obtained from the disklabel(8) command. If the drive has non-OpenBSD MBR
partitions, *and* the disklabel was built after those MBR partitions were
created, they will have assigned partitions in the disklabel.

Show, in gigabytes, the layout of SCSI drive #0:

# disklabel -p g sd0

Show, in megabytes, the layout of IDE/ATA drive #1:

# disklabel -p m wd1

Show, in gigabytes/megabytes/kilobytes as needed, the capacit...

Hi,

Great to see your reply,

I would like to explain you in detail,

I am currently writing a java code which tries to find out the total
physical storage of an OpenBSD machine. Infact I would like to know the
complete partition table in an OPenBSD machine.

I have gone through the disklabel and fdisk command but both these command
take the device name as a parameter. So my first question would be to know
all the devices which are attached and may or may not be mounted. Once this
is obtained...

Try `sysctl -n hw.disknames'

then run disklabel on each of them

That might give you what you want.

/Alexander

Bonjour,

Suite aux diffirents litiges liis aux diptts frauduleux des noms de
domaine,

Il est disormais important et primordial pour une entreprise de protiger
sa marque ou sa raison sociale sur Internet en riservant son nom de
domaine dans les extensions .FR, .COM et .EU car la ligislation ne
prothge que trhs peu ces diptts.

Nous nous tenons ` votre disposition pour virifier gratuitement la
disponibiliti de votre raison sociale ou de votre marque sur
www.nom-domaine.fr

Notre sociiti met ` ...

Is that really the error message? What a horrible error
message.

The program is probably trying to use an unsupported sample
rate. If there are options that allow you to set the sample
rate, try either 44100 or 48000 Hz.

you assume incorrectly. gmfsk doesn't use OSS.

gmfsk uses 8000Hz sampling rates by default, which probably doesn't work
with some (most) azalia(4) codecs.

Settings->Preferences->Devices->Sound->Requested sample rate->48000

--
jakemsr@sdf.lonestar.org
SDF Public Access UNIX System - http://sdf.lonestar.org

We've got similar problems about a year ago, when we deployed a
massive installation of vpn/ipsec clients based on isakmpd.

When testing the client robustness to a series of events, like physically
disconnecting network cables, simulating power failures and such, we
saw the same pattern.

Our solution was to use an external program to send simple icmp
packets to our internal network and restart isakmpd once "detecting"
the tunnel is down.

A web search has showed us that tunnel "recreation" is c...

Thanks for the reply.

I'm primarily buying this so that I can help Felix Kronlage test out
various data cards under OpenBSD.

Buying a $75 PCMCIA reader would certainly turn out to be cheaper than
investing money in a $800 laptop :-)

Best,

~Mayuresh

Having this being the default on ports could be a good
thing perhaps. The script would download the package
from a FTP and hashes from another one. But the hashes
are already stored inside the folder of the package on the
ports.. so to what use ?

Sources that get downloaded are hashed and the value compared
to the one stored by the package maintainer.

And you have to trust this person to be serious. And even
if he is, if he grabs the latest version of sources for XYZ
and those got a hole non ...

You're probably being sarcastic, but in the case of the master site,
it doesn't matter, because all the slaves probably rsync from the
master anyway.

--
http://www.glumbert.com/media/shift
http://www.youtube.com/watch?v=tGvHNNOLnCk
"This officer's men seem to follow him merely out of idle curiosity."
-- Sandhurst officer cadet evaluation.
"Securing an environment of Windows platforms from abuse - external or
internal - is akin to trying to install sprinklers in a fireworks
factory where smo...

Hi!

If I released code with cryptographic signatures, I'd not leave a secret
key file, nor a passphrase on the servers with the master web/ftp
site. I'd sign on a box you can't access from the master site (nor
the mirrors). So, no, the attacker would *not* gain access to signing
tools (ok, yes, the tools, perhaps, like gpg or openssl, but not the

Kind regards,

Hannah.

^^^^^^^^^^^^^^^^

Hmm, did you read what I wrote?

The breakin was detected due to the digital signature.

Anyway, it's obviously up to the OpenBSD developers what they do.

I'm not discussing wether its pointless or not, maybe you don't want
OpenBSD to be used at all?

Rui

--
Grudnuk demand sustenance!
Today is Setting Orange, the 48th day of The Aftermath in the YOLD 3173
+ No matter how much you do, you never do enough -- unknown
+ Whatever you do will be insignificant,
| but it is very important that you do it -- Gandhi
+ So let's do it...?

And what are package updates?

Does pkg_add -u even check an e.g. md5 or does it trust the server?

Best
Martin

Using software from any source without interference from an
all-pervasive government is a very special, but unfortunatly today, a
very real issue for many people around the world. To be secure, you
have to get pieces of the puzzle over multiple paths. It all can't come
via the net since then you're open to man-in-the-middle.

Key-revocation announcements could come over the net (via an announce
list) but the new key would then have to come over a second channel.

One second-channel option is ...